From 76a7b10005c70babee357a7d0f2becf28ec7ed1e Mon Sep 17 00:00:00 2001
From: Yossi Gottlieb <yossigo@gmail.com>
Date: Tue, 13 Jul 2021 15:16:14 -0700
Subject: Fix for integer/buffer overflow CVE-2021-32765

This fix prevents hiredis from trying to allocate more than `SIZE_MAX`
bytes, which would result in a buffer overrun.

[Full Details](https://github.com/redis/hiredis/security/advisories/GHSA-hfm9-39pp-55p2)
---
 hiredis.c | 1 +
 1 file changed, 1 insertion(+)

(limited to 'hiredis.c')

diff --git a/hiredis.c b/hiredis.c
index a7fbf48..ab0e398 100644
--- a/hiredis.c
+++ b/hiredis.c
@@ -174,6 +174,7 @@ static void *createArrayObject(const redisReadTask *task, size_t elements) {
         return NULL;
 
     if (elements > 0) {
+        if (SIZE_MAX / sizeof(redisReply*) < elements) return NULL;  /* Don't overflow */
         r->element = hi_calloc(elements,sizeof(redisReply*));
         if (r->element == NULL) {
             freeReplyObject(r);
-- 
cgit v1.2.3